Security leaders need to focus on core discipline, embracing AI, and consolidating to critical tools.
SPONSORED – In 2016, just 5,579 cybersecurity vulnerabilities (CVEs) were reported in software. By 2021 it took just 12 weeks to hit the 5,000 mark. This rampant growth in software vulnerabilities – many of which are now abused at scale and at blistering pace by an increasingly well-resourced and professionalised global cybercrime industry – has been matched by growth in sophisticated malware, ever-more compelling phishing campaigns and other routes to attack organisations; for example, fileless malware rates in 2020 increased by over 800% compared with 2019.
For security professionals, the outcome is an absolute tsunami of threats. Yet for CISOs – many battling to prove to lines of business that security is a business enabler and not a blocker – battening down the hatches is simply not an option. As Thom Langford – a former Publicis CISO and now security advocate at SentinelOne – notes to The Stack: “For CISOs, there’s a parallel with the CIO role. Fifteen years ago it was leading senior IT tasks. Now it’s digital transformation, workplace enablement; everything the business needs to compete.”
But they need the basics in place and too often, they’re simply not: whether that means having the best unified endpoint protection platform (EPP) and endpoint detection and response (EDR) platforms in place, properly utilised, or more simply, ensuring an organisation is taking its broader security hygiene seriously as the attack surface increases exponentially through IoT, 5G, cloud and remote working.
Both in interpreting security risk to the C-suite and the board, and in setting a positive security culture, CISOs and their security peers can lead the way. And critically, well-enforced good security practice can still tackle a great deal of the work. As Langford adds tartly: “A lot of people waste budget – they want to invest in blinking lights and shiny boxes – when focusing on core discipline, user awareness, good process and procedure would address 80% of the problem. Getting the absolute most out of your existing toolkits is also important.”
With IT environments ever more heterogeneous and spread across complex hybrid environments (a complexity rendered even more challenging by the surge in remote work), good EPP and EDR for threat coverage across all endpoints, virtual desktop infrastructure (VDI) workstations, servers, and cloud workloads is now also table stakes – and, properly deployed, can let IT and security staff focus on higher-level tasks: proactive threat hunting, reinforcing best practice, or spending more time on security strategy.
Yet, as SentinelOne’s Regional Director for UK & Ireland, Keith Poyser notes: “[Security leaders sometimes] buy overlapping tools that generate yet more data, but duplicate existing software functionality while leaving gaps elsewhere. The result is an inefficient use of budget, in which they pay too much for overlapping metrics and create irrelevant data that can overload and blind analysts.”
That duplication across tools is often unnecessary. SentinelOne’s Singularity platform, for example, provides a single focal point for endpoint and cloud protection, detection and (where desired, automated) response, firewall, device control, malware kill/quarantine/isolation, app inventory, network visibility and control, and more. With multiple awards for their AI, Singularity reduces human intervention and overhead, consolidates tools, and so reduces overall security risk and cost.
Users recognise its power to help them secure their organisations: in a deeply competitive market, SentinelOne was the highest rated vendor in Gartner’s 2020 EDR “Voice of the Customer” report, winning praise for product capabilities; evaluation and contracting; integration and deployment.
It also achieved the highest possible score across all critical categories in SE Labs’s Breach Response Test, winning 2020’s “Best Endpoint” category after a battery of tests that mimic how sophisticated criminal and APT groups breach systems and networks. As Simon Edwards, the CEO of SE Labs and chairman of anti-malware testing standards organisation AMTSO, put it: “The fact we were not able to find a single hole in SentinelOne is an incredible testament to the breadth of coverage and efficacy of its platform.”
This kind of capability is winning the company a growing army of enterprise security fans. Correctly configured, SentinelOne can support organisations in satisfying PCI DSS and HIPAA compliance requirements. Its “Singularity Marketplace”, meanwhile, launched in February 2021, lets security teams use “bite-sized, one-click applications” to integrate with everything from CMDB, SIEM, IAM, network and SASE to email security – then store data in its unified cloud data lake for machine-speed detection analytics and threat hunting.
And in a world of ever-more sophisticated attacks, having a powerful security bedrock in place is critical – particularly with compliance risk, reputational risk, even personal credibility risk for security professionals all growing. As Keith Poyser notes: “The cybersecurity landscape has evolved to the point where businesses can no longer afford to lurch from headline to headline. Modern compromises might still be partly manual, but adversaries are automating more of the attack chain every day. Automated, AI based prevention and early responses are even more important.”